Description

This script is vulnerable to Lotus Notes Formula Injection.

Lotus Notes Formula Injection is a vulnerability that allows an attacker to alter Lotus Notes Formula statements by manipulating the user input. Lotus Notes Formula Injection occurs when web applications accept user input that is directly placed into the Evaluate function from LotusScript. Consult References for more information about this vulnerability.

Remediation

Your script should filter metacharacters from user input.

References

FormulaPoster

Related Vulnerabilities

Node.js Debugger Unauthorized Access Vulnerability

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

TimThumb WebShot remote code execution

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking SQL Injection (1.6.7)

WordPress Plugin Link Library 'id' Parameter Cross-Site Scripting and SQL Injection Vulnerabilities (5.0.8)

Severity

High

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution